Quickstart: Call the Microsoft Graph API from a Universal Windows Platform (UWP) application

In this quickstart, you download and run a code sample that demonstrates how a Universal Windows Platform (UWP) application can sign in users and get an access token to call the Microsoft Graph API.

See How the sample works for an illustration.

Prerequisites

Register and download your quickstart app

You have two options to start your quickstart application:

Option 1: Register and auto configure your app and then download your code sample

  1. Go to the new Azure portal - App registrations pane.
  2. Enter a name for your application and click Register.
  3. Follow the instructions to download and automatically configure your new application for you in one click.

Option 2: Register and manually configure your application and code sample

Step 1: Register your application

To register your application and add the app's registration information to your solution, follow these steps:

  1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
  2. If your account gives you access to more than one tenant, select your account in the top right corner, and set your portal session to the desired Azure AD tenant.
  3. Navigate to the Microsoft identity platform for developers App registrations page.
  4. Select New registration.
  5. In Register an application, enter your application's registration information:
    • In the Name section, enter a meaningful application name that will be displayed to users of the app, for example UWP-App-calling-MsGraph.
    • In the Supported account types section, select Accounts in any organizational directory and personal Microsoft accounts (for example, Skype, Xbox, Outlook.com).
  6. Select Register to create the application, and then record the Application (client) ID for use in a later step.
  7. Under Manage, select Authentication.
  8. Select Add a platform > Mobile and desktop applications.
  9. Under Redirect URIs, select https://login.microsoftonline.com/common/oauth2/nativeclient.
  10. Select Configure.

Step 1: Configure the application

For the code sample for this quickstart to work, you need to add a redirect URI as https://login.microsoftonline.com/common/oauth2/nativeclient.

Already configured Your application is configured with these attributes.

Step 2: Download the Visual Studio project

Run the project using Visual Studio 2019.

Step 3: Your app is configured and ready to run

We have configured your project with values of your app's properties and it's ready to run.

Note

Enter_the_Supported_Account_Info_Here

Step 3: Configure the Visual Studio project

  1. Extract the .zip archive to a local folder close to the root of your drive. For example, into C:\Azure-Samples.

  2. Open the project in Visual Studio. Install the Universal Windows Platform development workload and any individual SDK components if prompted.

  3. In MainPage.Xaml.cs, change the value of the ClientId variable to the Application (Client) ID of the application you registered earlier.

    private const string ClientId = "Enter_the_Application_Id_here";
    

    You can find the Application (client) ID on the app's Overview pane in the Azure portal (Azure Active Directory > App registrations > {Your app registration}).

  4. Create and then select a new self-signed test certificate for the package:

    1. In the Solution Explorer, double-click the Package.appxmanifest file.
    2. Select Packaging > Choose Certificate... > Create....
    3. Enter a password and then select OK.
    4. Select Select from file..., and then select the Native_UWP_V2_TemporaryKey.pfx file you just created, and select OK.
    5. Close the Package.appxmanifest file (select OK if prompted to save the file).
    6. In the Solution Explorer, right-click the Native_UWP_V2 project and select Properties.
    7. Select Signing, and then select the .pfx you created in the Choose a strong name key file drop-down.

Step 4: Run the application

To run the sample application on your local machine:

  1. In the Visual Studio toolbar, choose the right platform (probably x64 or x86, not ARM). The target device should change from Device to Local Machine.

  2. Select Debug > Start Without Debugging.

    If you're prompted to do so, you might first need to enable Developer Mode, and then Start Without Debugging again to launch the app.

When the app's window appears, you can select the Call Microsoft Graph API button, enter your credentials, and consent to the permissions requested by the application. If successful, the application displays some token information and data obtained from the call to the Microsoft Graph API.

How the sample works

Shows how the sample app generated by this quickstart works

MSAL.NET

MSAL (Microsoft.Identity.Client) is the library used to sign in users and request security tokens. The security tokens are used to access an API protected by Microsoft Identity platform for developers. You can install MSAL by running the following command in Visual Studio's Package Manager Console:

Install-Package Microsoft.Identity.Client

MSAL initialization

You can add the reference for MSAL by adding the following code:

using Microsoft.Identity.Client;

Then, MSAL is initialized using the following code:

public static IPublicClientApplication PublicClientApp;
PublicClientApp = PublicClientApplicationBuilder.Create(ClientId)
                                                .WithRedirectUri("https://login.microsoftonline.com/common/oauth2/nativeclient")
                                                    .Build();

The value of ClientId is the Application (client) ID of the app you registered in the Azure portal. You can find this value in the app's Overview page in the Azure portal.

Requesting tokens

MSAL has two methods for acquiring tokens in a UWP app: AcquireTokenInteractive and AcquireTokenSilent.

Get a user token interactively

Some situations require forcing users to interact with the Microsoft identity platform endpoint through a popup window to either validate their credentials or to give consent. Some examples include:

  • The first-time users sign in to the application
  • When users may need to reenter their credentials because the password has expired
  • When your application is requesting access to a resource, that the user needs to consent to
  • When two factor authentication is required
authResult = await App.PublicClientApp.AcquireTokenInteractive(scopes)
                      .ExecuteAsync();

The scopes parameter contains the scopes being requested, such as { "user.read" } for Microsoft Graph or { "api://<Application ID>/access_as_user" } for custom web APIs.

Get a user token silently

Use the AcquireTokenSilent method to obtain tokens to access protected resources after the initial AcquireTokenInteractive method. You don’t want to require the user to validate their credentials every time they need to access a resource. Most of the time you want token acquisitions and renewal without any user interaction

var accounts = await App.PublicClientApp.GetAccountsAsync();
var firstAccount = accounts.FirstOrDefault();
authResult = await App.PublicClientApp.AcquireTokenSilent(scopes, firstAccount)
                                      .ExecuteAsync();
  • scopes contains the scopes being requested, such as { "user.read" } for Microsoft Graph or { "api://<Application ID>/access_as_user" } for custom web APIs.
  • firstAccount specifies the first user account in the cache (MSAL supports multiple users in a single app).

Help and support

If you need help, want to report an issue, or would like to learn about your support options, see Help and support for developers.

Next steps

Try out the Windows desktop tutorial for a complete step-by-step guide on building applications and new features, including a full explanation of this quickstart.